
In an earlier post I wrote about the importance of charting the network. Since then, I did just that, as I mentioned, in LucidChart. Here are some of my impressions from doing that for my home network.

The current diagram

I used LucidChart’s 7-day free trial of the Pro version, which I found to be almost as versatile for this as Visio. The one thing I missed from that product is the ability to modify shapes with custom properties, which I would have used for adding MAC addresses, static IP addresses and so on. I ended up putting in some of that in Comments on items and some in Notes. I haven’t settled yet on which I prefer.

The creation of connections is very natural – you simply drag the mouse from one item to another and it draws a connection in that direction. I found this a great time saver.

The default set of shapes in the library was equal to this task but again this is where the lack of custom properties comes into play. I would have liked, for example, to be able to tell it not just to give me a Switch, but also how many ports that would have. I have used Visio shapes that modify based on these properties to represent them visually.

I chose to integrate the app with Google Drive, which gave me a very convenient way to get to my drawings, and also displays them on a double-click, without opening them up in the app. Very handy and it was dead-easy to do. “It just works” is not only something Apple fans get to say.

I am probably going to subscribe to LucidChart at the Personal level ($40/yr). It only allows up to 100MB of charts and doesn’t include a handful of advanced features, but I have little anticipation of either of those things being a bad constraint.

Oh, and that Sophos UTM that it says will be there “soon?” That should happen this weekend – stay tuned for more geekery about that.


As you may recall, late last fall, Sony Pictures Entertainment acknowledged that their entire IT infrastructure had been severely breached. At the time, the attackers were announced to be the North Koreans. But serious analysis absent political axes to grind has put that conclusion in doubt, to say the least. More evidence points to the actions of an unhappy employee/former employee and roughly half a dozen accomplices.

One of the things that the attackers did was release a huge cache of internal emails, emails that did not put anyone from within Sony in the best light. Who among us can say that the release of all our emails would treat us much better? Still, these were dumped onto public sites, e.g., PasteBin.
Sony’s immediate response was to try to shut down the press from covering this aspect of the situation by sending legal-ish letters to all major media outlets, claiming that just because they were public didn’t mean that they could be reported. To understand how this is consistent with the First Amendment, I think you need a law degree and a fat paycheck from Sony. Needless to say, the folks at WikiLeaks were not impressed. They spent the next few months building everything that was released into a searchable archive. You can read about that site they just opened here.

Sony’s well-compensated lawyers have jumped right back into the fray, of course. Unable to do anything about the WikiLeaks site itself, they have once again taken their, um, peculiar understanding of Freedom of the Press to the medium of threatening letters directed at the press (sample here).

The website TechDirt received one of these letters, and wrote about that fact (coverage). Yeah, gossip about Julia Roberts is not truly newsworthy but there’s plenty in those emails that is. It’s worth noting that one of two Investigative Reporting Pulitzer Prizes just given out went to Eric Lipton, who also didn’t think much of Sony’s legal theory in this matter. Lipton used whatever he needed from that treasure trove. TechDirt has now made a formal response to Sony, which is rather amusing.

I know Sony likes when their work product makes us want to get popcorn and settle in, but I don’t think this is what they had in mind.


A really important thing to do if you have more than three or four devices on your network, even your little home network, is to maintain an up-to-date network diagram. You don’t notice how your home network grows… you get some new toy and it connects via WiFi or cable and you just plug it in without much thought….
My home network currently includes a WiFi router, three switches (one managed, two dumb), a server, a NAS, two desktops, two TiVo boxes, a networked BD player, a standalone HD broadcast tuner, two printers and a Roku. And that’s just the wired network; WiFi adds five Android devices, a Blackberry, four laptops, a ChromeCast, a ChromeBook and a separate little standalone network for four Raspberry Pis which I connect to the main network via wireless bridge. Finally, I am soon adding a dedicated firewall device in lieu of the WiFi router’s boundary protection. Did you also count 33 devices? Yeah, ours may be a little more tech-intensive than many households, but it’s just the two of us. Imagine a household with four or five people, be they roommates or a family where at least the older kids are into the Techie Teen years. Then add something like a home-automation system and you’re well on the way to 100 IP addresses.

Without a diagram showing what connects to what and just plain what’s out there, you will never be able to keep it all straight. Try a product like SoftPerfect WiFi Guard, and it will do you no good: if you don’t know what the set of devices should be, you can’t know if the devices you actually find are legit or not. Documentation of your network should at minimum be a list of devices and enough specs for each device that you can identify a “mystery” connection. Capture the MAC address, at least, along with whatever descriptive information will help you most.
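One way to put the MAC inventory to work, as an added example that is not part of the original post: compare the documented device list against what a Linux host's neighbor table (`ip neigh`) reports, and list both the "mystery" addresses and the documented devices that were not seen. The inventory entries, addresses and sample output are constructed for illustration.

```python
import re

# Constructed inventory as a person might type it: mixed case and separators.
INVENTORY = {
    "00:1A:2B:3C:4D:5E": "NAS",
    "00-1a-2b-3c-4d-5f": "Roku",
    "00:1A:2B:3C:4D:60": "Laser printer",
}

# Constructed sample in the format of Linux `ip neigh` output.
SAMPLE_IP_NEIGH = """\
192.168.1.10 dev eth0 lladdr 00:1a:2b:3c:4d:5e REACHABLE
192.168.1.23 dev eth0 lladdr 00:1a:2b:3c:4d:5f STALE
192.168.1.57 dev eth0 lladdr de:ad:be:ef:00:01 REACHABLE
192.168.1.58 dev eth0 lladdr 00:1a:2b:99:88:77 DELAY
192.168.1.99 dev eth0  FAILED
"""

LLADDR = re.compile(
    r"^(\S+)\s.*\blladdr\s+((?:[0-9a-fA-F]{2}[:-]){5}[0-9a-fA-F]{2})\b")

def normalize(mac):
    """Lower-case, colon-separated form so hand-typed entries still match."""
    return mac.lower().replace("-", ":")

def is_locally_administered(mac):
    # Bit 0x02 of the first octet marks a software-assigned address, which is
    # what per-network MAC randomization on phones and laptops produces.
    return bool(int(mac[:2], 16) & 0x02)

def parse_neighbors(text):
    """Return {mac: ip} for entries that resolved; FAILED lines have no lladdr."""
    seen = {}
    for line in text.splitlines():
        m = LLADDR.match(line)
        if m:
            seen[normalize(m.group(2))] = m.group(1)
    return seen

def audit(inventory, neigh_text):
    """Return (unknown, missing): undocumented MACs and documented-but-unseen devices."""
    known = {normalize(mac): desc for mac, desc in inventory.items()}
    seen = parse_neighbors(neigh_text)
    unknown = sorted((mac, ip, is_locally_administered(mac))
                     for mac, ip in seen.items() if mac not in known)
    # The neighbor table only holds hosts this machine talked to recently,
    # so "missing" means "not seen from here", not necessarily "offline".
    missing = sorted(desc for mac, desc in known.items() if mac not in seen)
    return unknown, missing
```

An unknown address with the locally-administered flag set is often a known phone or laptop using a randomized MAC, so check that before treating it as an intruder.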

As for me, I find a textual list of networked devices unsatisfying: I always want to see the “big picture.” I have maintained Visio diagrams and similar in the past, but the problem is that they get out of date pretty quickly and I may or may not remember to get back to them in time to help with my next troubleshooting need.

So today I began trying LucidChart to manage the drawings. Pretty neat so far; kind of a basic version of Visio in a web page, and it links to my Google Drive for anywhere-anytime access to the drawings. I’ll report back here as I get more experience with it.


Network Zones: I would like three segregated network zones in our home LAN. One for our general purpose computers, one for our Android and BlackBerry devices, and one for our printers and connected entertainment boxes (Roku, TiVo, etc.). There does need to be some traffic between them, however; at least the computers need to be able to communicate with the printers. I have at my disposal for this an ASUS WiFi router and a TP-Link managed switch. I may also soon add…

A UTM device in front of our Internet connection. That ASUS router is currently connected straight to the DOCSIS 3 cable modem, and doing boundary duty as well as all its internal responsibilities. I am considering Sophos Free Home UTM, and pfSense. I have purchased the Intel Atom D2500 for the hardware base. This will probably handle the Sophos – if not, pfSense will be no challenge to it, for sure.

Need to find a way to set up a group of Raspberry Pi units with USB DVD drives to bulk-rip all our movie and TV DVDs into a format that Plex or Serviio will serve. This is a living-space-placement issue as well as a tech challenge because cats.

We have a Sony Bravia TV and a BD player/receiver combo that do a nice job of switching the sound to our 5.1 speakers… some of the time. The receiver also has a bunch of streaming applications that are now mostly duplicated on other devices. So I think it might be time to replace the BD-Receiver. Anyone who knows of a non-Sony device that does “Bravia sync” please comment. I’m willing to put in two devices here only if absolutely necessary.

I am trying out SpiceWorks for a combination of ticketing and monitoring but I’m leery of giving an online service the amount of internal access and authentication that a monitoring system does need. If anyone knows of a similar facility I could stand up and host internally, shout it out.

There are probably more but they are all much lower priority. In fact, the priority is so low I can’t think of them now. This is why I need a ticketing system.


Every month at my office, I hold an informal Lunch & Learn. I take the opportunity to enlighten any of my colleagues who want to listen about some topic related to Information Security. This is available to anyone in our IT operation who’s interested, anywhere in the world. Since this event has attracted a bit of a following in the UK, I feel bad for them that it’s always at 5PM local. Especially since it’s always on a Friday! So a couple times a year, I will do it at 7AM (or 8AM, as I did today) in order to hit noon UK time.
Between these lunch & learn sessions, and two to four conference talks a year, I have started to notice that the experience falls into a fairly consistent pattern.

A last minute rush of tweaking my slides, which is not helped by the fact that I love to compose the actual presentation in the last 24 hours before presenting. I will read and research for weeks but I seldom commit anything to PowerPoint before the last 24 hours.

I want questions, and at first I usually get silence. Then I finally get one… then another. And they’re good! Smart questions!

I love it! Want to do it again, and again!

Strange as it seems for someone as introverted as I am, I really enjoy making these large group presentations. My efforts seem to be pretty warmly-received, and I get asked back. So I guess I am not just a victim of the Dunning-Kruger Effect here.